Minutes of the P3P Specification Working Group Face to Face Meeting 6-7
March 2003 Cambridge, MA

(thanks to Rigo Wenning and Ari Schwartz for contributing their notes)

Present

Lorrie Cranor, AT&T Labs-Research

Jack Humphrey, Coremetrics

Brooks Dobbs, Doubleclick

Ari Schwartz, CDT

Jeremy Epling, Microsoft

Mathias Schunter, IBM

Brian Zwit, Integrity Insurance, AOL

Danny Weitzner, T-and-S Domain Leader, W3C

Rigo Wenning, Privacy Activity Lead, W3C

Helena Lindskog, Ericsson

March 6

INTRODUCTIONS AND DISCUSSION OF THE AGENDA

All present introduced themselves. As part of his introduction, Mathias
Schunter made the following announcement: We are pleased to announce the
first public version of the IBM Enterprise Privacy Authorization Language
(EPAL). You can find the language specification and XML schema at http://www.zurich.ibm.com/security/enterprise-privacy/epal
We are working on WS-Privacy together with Microsoft, want to keep P3P out
the B2B area. Want to have some enterprise language that should be compatible
to P3P.

Danny gave some history related to the Liberty Alliance in preparation for
our discussion with them later.

Liberty has notion of rights expression language, they have a gap and
need something to fill it

attribute sharing

packages of privacy practices/profiles? high/medium/low

looking for something easier to implement than P3P

P3P gives them a level of policy legitimacy in Europe

CHARTER AND TASKFORCES

The
P3P 1.1 charter is being voted on by the membership. We hope to hear that
it is approved in the next few weeks. We are currently operating under the
assumption that it is likely to be approved with minor changes.

The deliverables in the charter are based on the discussion at the
workshop last fall. They include items that reflect a strong consensus that
these are things we should do as well as items with less support where
someone just said he would do it.

We will have task-forces. Those TF will bring up the first draft and it
will be discussed in the WG. Timeline in the deliverable session: Lorrie
announced that she will enforce the timeline strictly. Everything that
doesn't make it in the timeline will be considered for P3P 2.0 (pending
charter of that working group).

The W3C's public Bugzilla will be the thing to be used for for tracking
issues instead of our old issues list. Please register with Bugzilla at
http://www.w3.org/Bugs/

Spec clarifications and items not covered by a specific taskforce will be
covered by the working group as a whole. An individual should raise the issue
and make a specific proposal.

Brian was interested in working on clarifying what a P3P policy means in
the spec. He and Danny volunteered to draft a proposal.

ACTION: Brian & Danny: Create a proposal for clarification of what a
P3P policy means

If we have a lot of clarifications and corrections before we are ready to
put out the p3p 1.1 spec we may put out a corrected version of the p3p 1.0
spec. In the mean time we will update the errata page.

Agent and Domain Relationships taskforce

will look at how to deal with third parties.. How to say: I am the
agent working for this site...

closely tied to compact policies

Consent Choices taskforce

Matthias Schunter volunteered to chair

Lorrie will participate

Have more statements and group them and opt-out opt-in in a package It
is pretty similar to naming statements.

XML Schema taskforce

Giles Hogben volunteered to chair

Jack volunteered to review

Rigo suggested that Massimo should be involved

Signed P3P Policies taksforce

Giles Hogben volunteered to chair

some people unclear on why signed policies are need.

ACTION: Danny and Rigo, modify charter for this taskforce to require that
TF first provide explanation of why signed policies are needed and motivation
for this work

APPEL

APPEL is not mentioned in charter despite strong interest from some. There
was no consensus on how to move forward for P3P1.1... We don't have a TF but
we will accept proposals, otherwise can be considered in P3P2.0 timeframe.

Regularly scheduled teleconference will be 11 am on Wednesdays. We
probably will use this time slot every other week, but people are encouraged
to reserve this time in their schedules every week and use it for taskforce
meetings, etc. Conference calls will start in two weeks.

There will public mailing-list and public group-page. Contact info etc
will be on the member-only page.

P3P BEYOND HTTP

What do we want to discuss with Web Services Architecture Group
tomorrow?

Lorrie gave an overview and history of our attempts to get the WS folks to
pay attention to P3P.

trying to make P3P understandable has been difficult to date, making it
more granular would make it worse

general discussion on how user agents handle these issues

concern about the fact that individuals that individuals choose strong
privacy rules without realizing the loss of functionality

this is why P3P focuses on use and specifically secondary use

discussion about the term "linked" in the spec. Meant to be based on
the intention. We need to clarify this in the spec

*** Agreement if compact policies were as expressive as full policies, it
would still not be expressive as some may like, but this should be expressive
enough for our needs (Brian reserved the right to question this again down
the road)... assuming that we want to keep compact policies

Required attributes

I, A & O - cookie may be necessary for functionality

user can't tell the difference between different secondary purposes

discussion of ways to set different preference to be accepted within
the same cookie

discussion of issues with contractors that have access to cookies

most privacy issues come on the cookie replay not at cookie
collection

ACTION: Lorrie: add issue to Bugzilla to consider modifications to 2.3.2.7
-- could be changed "MAY" to "SHOULD" in order to cover importance of replay
-- this should be brought up with the whole group. It is larger than just a
compact policy question.

ACTION: lorrie: add issue to Bugzilla on clarifying what we mean by data
linked to a cookie

User Agent

verifying that Web developers aren't just complying with IE6 and not
doing full policy or proper compact policy, user agent behavior TF should
discuss

ACTION: Lorrie: add Bugzilla issue for UA TF on guidelines for
verification that CP site has full policy, complete CP, etc.

Lorrie argued that 5 levels are not needed and that idententy service
providers could come up with whatever levels they want to offer their
users

Joseph Reagle suggested that 5 levels help sites coalese and find a common
level facilitating policy making in the market

There may be a potential collision problem when w3c gets around to
defining P3P/soap bindings... this should be anticipated and design should
avoid problems ... joint note on transferring P3P references with SOAP?

discussion of location vocabulary and privacy policies - work being done
at OMA, 3GPP

how to define location precisely

how location data will be used

P3P group will continue to provide feedback to Liberty

March 7

The Article 10 issues and UA behavior issues were discussed on a phone
conference. Dialing in were Giles Hogben, Marc Langheinrich, and Marty
Abrams

ARTICLE 10 VOCABULARY ISSUES

Giles - plans to make detailed report with proposals before June Kiel
meeting

ambiguity on cookie processing requirements - set or replay?

storing a cookie on a users computer is an act of data processing

maybe offer two choices to WG

requirement

EU guideline

notification of user before data processing - to satisfy EU law
human-readable portion of policy should be displayed to user before data is
processed

lots of practical and usability issues

maybe simultaneous display rather than consent

probably EU guideline

ability to specify jurisdiction

attribute of recipient element - EU, US safe harbor, non-EU

concern about regime-specific data element that may need to change as
laws change

preference language

want to highlight as important issue, but are ok waiting to v2

should discuss at Kiel meeting

USER AGENT BEHAVIOR

work on user friendly language for P3P vocab elements

work on other guidelines -- user agents should print P3P policies,
etc.

brian - lawyers would get more legalistic in full policy with layered
notices

Lorrie - use P3P human-readable fields to provide layered notice

Brooks - not that much legal uncertainty -- regulators say that whatever
the users see first you have to live up to so they all have to be
consistent

Everyone would benefit from more specific testing of language that makes
sense to users

user agent testing in Europe - Giles, can test our user agent strings,
waiting for funding, hopefully will get funding by September

Microsoft user agent testing - results within next few weeks

AT&T probably testing in April or May

highlights notice glossary - go box by box and come up with vetted phrases
and words that define an item - that group will convene in May

not everyone will use these terms -- voluntary effort

consensus that we would like notices group to try to come up with 1 to
1 mapping of highlights notices to p3p vocab elements -- Lorrie will work
with them

Other areas for user agent guidelines

EU-specific guidelines

printing and saving policies

Microsoft beta 1 is planned for January... they would like guidelines ASAP
so that it is possible for them to take them into account for that release...
will be very difficult to incorporate changes from WG later

OTHER DISCUSSION

North American outreach: Ari

US federal government to require P3P

OMB will issue guidance in April

workshops for federal agencies

FTC privacy workshops

WS Policy

Microsoft/IBM/BEA effort (not affiliated with W3C) - still underspecified,
but eventually should define bindings that may be helpful in our efforts to
define P3P beyond HTTP... political problems due to this work taking place
outside W3C

Jeremy had a long list of suggestions

show the user the difference between a consequence and a value
proposition

maybe two fields?

maybe structured consequence field?

add a statement grouping mechanism so that user agents can display
related statements together - grouping element is one mechanism to do
this, another is to add a group name attribute to the existing STATEMENT
element (ebay and windows media player examples)

add human readable intro section ? not much interest in this

consider adding human readable explanation strings to all elements that
don't currently have them ... generalize long description

note explaining why we did identified/identifiable, what it means, what
linking means, include some examples

access method or opt-in/opt-out method? we probably don't need that

Jeremy said it is likely that we will see preview of new IE P3P
functionality in October when Microsoft shows preview at developer
conference

ACTION: Lorrie, add Bugzilla issue to consider expanding definition of
consequence field in spec and/or adding structure to consequence field